How can you fix, remove, and recover from a DNS Changer Violation?

You’re looking for information on how to clean up or fix malicious
software (“malware”) associated with DNS Changer. It’s possible that
either your computer or your home router has been modified to use
resources once controlled by criminals to redirect your traffic. You
can find more information about this malware on our main page:

http://www.dcwg.org

or by visiting the FBI page about DNS Changer:

http://www.fbi.gov/news/stories/2011/november/malware_110911

If you think you have been affected by this malware, you do need to
fix your computer. The malware tool kits that change your computer’s
DNS settings are very pervasive. Initially, the only way researchers
could ensure that a machine was fixed was to reformat the hard drive
and reinstall the operating system from scratch. The malware affected
the boot blocks on the hard disk of the computer, so even if people
just reverted their operating system to a prior backup, the malware
could reclaim the PC. Later on, several anti-malware software
companies came up with fixes that removed the malware correctly. Some
of them are listed below.

In addition to modifying your computer’s DNS settings, the malware
also looked for home routers to which the computer was attached and
modified their DNS settings as well. Not only were the infected
computers using rogue DNS services, but so were other devices in the
household or office, including Wi-Fi-enabled mobile phones, tablets,
smart HDTVs, digital video recorders, and game consoles. The criminals
would change the web content that users downloaded to suit their needs
and make money.

Below are some steps to follow:

The first thing you want to do is make a backup of all of your
important files. You might go to a computer store or shop online for a
portable hard drive and copy all of your files onto that drive.

Either you or a computer professional that you rely upon and trust
should follow the “self help” malware clean up guides listed below. The
goal is to remove the malware and recover your PC from the control of
the criminals that distributed it. If you were already thinking of
upgrading to a new computer, now may be a good time to make the switch.

Once you have a clean PC, follow instructions for ensuring that your
DNS settings are correct. If you’re not using a new PC, you’ll want to
check that your computer’s DNS settings are not still using the DNS
Changer DNS servers. We hope to have some of our own instructions
soon. Until then, the instructions and screen shots found in step 2 at
http://opendns.com/dns-changer are quite good if you want to manually
set your DNS settings. You also have the option to return to using your
ISP-provided automatic settings by choosing the “automatically” option
(Windows) or deleting any DNS servers listed (MacOS).

After you have fixed your computer, you will want to look at any
home router you’re using and make sure it automatically uses the DNS
settings provided by the ISP. We’ll have a document for this soon.

Changing DNS is only one of the functions of the malware kits. The
malware could have been used for capturing keystrokes or acting as a
proxy for traffic to sensitive sites like bank accounts or social
media. It would be a good idea to check your bank statements and credit
reports, as well as change passwords on any online accounts, especially
saved passwords from your applications or web browsers.

Please take immediate steps to safeguard your computer and data if
any of the tests indicate that you might be affected by DNS Changer. If
the Check-Up Site indicates that you are affected, then either follow
the instructions on that site or run one of the free tools listed below
to remove DNSChanger and related threats: